spegel-org · phillebaba · May 14, 2024 · May 14, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - [#475](https://github.com/XenitAB/spegel/pull/475) Move resolving ref to digest to manifest handler.
+- [#477](https://github.com/XenitAB/spegel/pull/477) Refactor distribution ref to simplify registry routing.
 
 ### Deprecated
 

diff --git a/pkg/registry/distribution.go b/pkg/registry/distribution.go
@@ -3,17 +3,32 @@ package registry
 import (
 	"fmt"
 	"regexp"
+	"strings"
 
 	"github.com/opencontainers/go-digest"
 )
 
-type referenceType string
+type referenceKind string
 
 const (
-	referenceTypeManifest = "Manifest"
-	referenceTypeBlob     = "Blob"
+	referenceKindManifest = "Manifest"
+	referenceKindBlob     = "Blob"
 )
 
+type reference struct {
+	kind referenceKind
+	name string
+	dgst digest.Digest
+}
+
+func (r reference) hasLatestTag() bool {
+	if r.name == "" {
+		return false
+	}
+	_, tag, _ := strings.Cut(r.name, ":")
+	return tag == "latest"
+}
+
 // Package is used to parse components from requests which comform with the OCI distribution spec.
 // https://github.com/opencontainers/distribution-spec/blob/main/spec.md
 // /v2/<name>/manifests/<reference>
@@ -27,22 +42,34 @@ var (
 	blobsRegexDigest    = regexp.MustCompile(`/v2/` + nameRegex.String() + `/blobs/(.*)`)
 )
 
-func parsePathComponents(registry, path string) (string, digest.Digest, referenceType, error) {
+func parsePathComponents(registry, path string) (reference, error) {
 	comps := manifestRegexTag.FindStringSubmatch(path)
 	if len(comps) == 6 {
 		if registry == "" {
-			return "", "", "", fmt.Errorf("registry parameter needs to be set for tag references")
+			return reference{}, fmt.Errorf("registry parameter needs to be set for tag references")
+		}
+		name := fmt.Sprintf("%s/%s:%s", registry, comps[1], comps[5])
+		ref := reference{
+			kind: referenceKindManifest,
+			name: name,
 		}
-		ref := fmt.Sprintf("%s/%s:%s", registry, comps[1], comps[5])
-		return ref, "", referenceTypeManifest, nil
+		return ref, nil
 	}
 	comps = manifestRegexDigest.FindStringSubmatch(path)
 	if len(comps) == 6 {
-		return "", digest.Digest(comps[5]), referenceTypeManifest, nil
+		ref := reference{
+			kind: referenceKindManifest,
+			dgst: digest.Digest(comps[5]),
+		}
+		return ref, nil
 	}
 	comps = blobsRegexDigest.FindStringSubmatch(path)
 	if len(comps) == 6 {
-		return "", digest.Digest(comps[5]), referenceTypeBlob, nil
+		ref := reference{
+			kind: referenceKindBlob,
+			dgst: digest.Digest(comps[5]),
+		}
+		return ref, nil
 	}
-	return "", "", "", fmt.Errorf("distribution path could not be parsed")
+	return reference{}, fmt.Errorf("distribution path could not be parsed")
 }
diff --git a/pkg/registry/distribution_test.go b/pkg/registry/distribution_test.go
@@ -12,44 +12,44 @@ func TestParsePathComponents(t *testing.T) {
 		name            string
 		registry        string
 		path            string
-		expectedRef     string
+		expectedName    string
 		expectedDgst    digest.Digest
-		expectedRefType referenceType
+		expectedRefKind referenceKind
 	}{
 		{
 			name:            "valid manifest tag",
 			registry:        "example.com",
 			path:            "/v2/foo/bar/manifests/hello-world",
-			expectedRef:     "example.com/foo/bar:hello-world",
+			expectedName:    "example.com/foo/bar:hello-world",
 			expectedDgst:    "",
-			expectedRefType: referenceTypeManifest,
+			expectedRefKind: referenceKindManifest,
 		},
 		{
 			name:            "valid blob digest",
 			registry:        "docker.io",
 			path:            "/v2/library/nginx/blobs/sha256:295c7be079025306c4f1d65997fcf7adb411c88f139ad1d34b537164aa060369",
-			expectedRef:     "",
+			expectedName:    "",
 			expectedDgst:    digest.Digest("sha256:295c7be079025306c4f1d65997fcf7adb411c88f139ad1d34b537164aa060369"),
-			expectedRefType: referenceTypeBlob,
+			expectedRefKind: referenceKindBlob,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ref, dgst, refType, err := parsePathComponents(tt.registry, tt.path)
+			ref, err := parsePathComponents(tt.registry, tt.path)
 			require.NoError(t, err)
-			require.Equal(t, tt.expectedRef, ref)
-			require.Equal(t, tt.expectedDgst, dgst)
-			require.Equal(t, tt.expectedRefType, refType)
+			require.Equal(t, tt.expectedName, ref.name)
+			require.Equal(t, tt.expectedDgst, ref.dgst)
+			require.Equal(t, tt.expectedRefKind, ref.kind)
 		})
 	}
 }
 
 func TestParsePathComponentsInvalidPath(t *testing.T) {
-	_, _, _, err := parsePathComponents("example.com", "/v2/spegel-org/spegel/v0.0.1")
+	_, err := parsePathComponents("example.com", "/v2/spegel-org/spegel/v0.0.1")
 	require.EqualError(t, err, "distribution path could not be parsed")
 }
 
 func TestParsePathComponentsMissingRegistry(t *testing.T) {
-	_, _, _, err := parsePathComponents("", "/v2/spegel-org/spegel/manifests/v0.0.1")
+	_, err := parsePathComponents("", "/v2/spegel-org/spegel/manifests/v0.0.1")
 	require.EqualError(t, err, "registry parameter needs to be set for tag references")
 }
diff --git a/pkg/registry/registry.go b/pkg/registry/registry.go
@@ -14,7 +14,6 @@ import (
 	"time"
 
 	"github.com/go-logr/logr"
-	"github.com/opencontainers/go-digest"
 
 	"github.com/spegel-org/spegel/internal/mux"
 	"github.com/spegel-org/spegel/pkg/metrics"
@@ -172,30 +171,17 @@ func (r *Registry) registryHandler(rw mux.ResponseWriter, req *http.Request) str
 
 	// Parse out path components from request.
 	registryName := req.URL.Query().Get("ns")
-	ref, dgst, refType, err := parsePathComponents(registryName, req.URL.Path)
+	ref, err := parsePathComponents(registryName, req.URL.Path)
 	if err != nil {
 		rw.WriteError(http.StatusNotFound, err)
 		return ""
 	}
 
-	// Check if latest tag should be resolved
-	if !r.resolveLatestTag && ref != "" {
-		_, tag, _ := strings.Cut(ref, ":")
-		if tag == "latest" {
-			rw.WriteHeader(http.StatusNotFound)
-			return ""
-		}
-	}
-
 	// Request with mirror header are proxied.
 	if req.Header.Get(MirroredHeaderKey) != "true" {
 		// Set mirrored header in request to stop infinite loops
 		req.Header.Set(MirroredHeaderKey, "true")
-		key := dgst.String()
-		if key == "" {
-			key = ref
-		}
-		r.handleMirror(rw, req, key)
+		r.handleMirror(rw, req, ref)
 		sourceType := "internal"
 		if r.isExternalRequest(req) {
 			sourceType = "external"
@@ -209,12 +195,12 @@ func (r *Registry) registryHandler(rw mux.ResponseWriter, req *http.Request) str
 	}
 
 	// Serve registry endpoints.
-	switch refType {
-	case referenceTypeManifest:
-		r.handleManifest(rw, req, ref, dgst)
+	switch ref.kind {
+	case referenceKindManifest:
+		r.handleManifest(rw, req, ref)
 		return "manifest"
-	case referenceTypeBlob:
-		r.handleBlob(rw, req, dgst)
+	case referenceKindBlob:
+		r.handleBlob(rw, req, ref)
 		return "blob"
 	}
 
@@ -223,7 +209,18 @@ func (r *Registry) registryHandler(rw mux.ResponseWriter, req *http.Request) str
 	return ""
 }
 
-func (r *Registry) handleMirror(rw mux.ResponseWriter, req *http.Request, key string) {
+func (r *Registry) handleMirror(rw mux.ResponseWriter, req *http.Request, ref reference) {
+	if !r.resolveLatestTag && ref.hasLatestTag() {
+		r.log.V(4).Info("skipping mirror request for image with latest tag", "image", ref.name)
+		rw.WriteHeader(http.StatusNotFound)
+		return
+	}
+
+	key := ref.dgst.String()
+	if key == "" {
+		key = ref.name
+	}
+
 	log := r.log.WithValues("key", key, "path", req.URL.Path, "ip", getClientIP(req))
 
 	// Resolve mirror with the requested key
@@ -289,23 +286,23 @@ func (r *Registry) handleMirror(rw mux.ResponseWriter, req *http.Request, key st
 	}
 }
 
-func (r *Registry) handleManifest(rw mux.ResponseWriter, req *http.Request, ref string, dgst digest.Digest) {
-	if dgst == "" {
+func (r *Registry) handleManifest(rw mux.ResponseWriter, req *http.Request, ref reference) {
+	if ref.dgst == "" {
 		var err error
-		dgst, err = r.ociClient.Resolve(req.Context(), ref)
+		ref.dgst, err = r.ociClient.Resolve(req.Context(), ref.name)
 		if err != nil {
 			rw.WriteError(http.StatusNotFound, err)
 			return
 		}
 	}
-	b, mediaType, err := r.ociClient.GetManifest(req.Context(), dgst)
+	b, mediaType, err := r.ociClient.GetManifest(req.Context(), ref.dgst)
 	if err != nil {
 		rw.WriteError(http.StatusNotFound, err)
 		return
 	}
 	rw.Header().Set("Content-Type", mediaType)
 	rw.Header().Set("Content-Length", strconv.FormatInt(int64(len(b)), 10))
-	rw.Header().Set("Docker-Content-Digest", dgst.String())
+	rw.Header().Set("Docker-Content-Digest", ref.dgst.String())
 	if req.Method == http.MethodHead {
 		return
 	}
@@ -316,22 +313,26 @@ func (r *Registry) handleManifest(rw mux.ResponseWriter, req *http.Request, ref
 	}
 }
 
-func (r *Registry) handleBlob(rw mux.ResponseWriter, req *http.Request, dgst digest.Digest) {
-	size, err := r.ociClient.Size(req.Context(), dgst)
+func (r *Registry) handleBlob(rw mux.ResponseWriter, req *http.Request, ref reference) {
+	if ref.dgst == "" {
+		rw.WriteHeader(http.StatusNotFound)
+		return
+	}
+	size, err := r.ociClient.Size(req.Context(), ref.dgst)
 	if err != nil {
 		rw.WriteError(http.StatusInternalServerError, err)
 		return
 	}
 	rw.Header().Set("Content-Length", strconv.FormatInt(size, 10))
-	rw.Header().Set("Docker-Content-Digest", dgst.String())
+	rw.Header().Set("Docker-Content-Digest", ref.dgst.String())
 	if req.Method == http.MethodHead {
 		return
 	}
 	var w io.Writer = rw
 	if r.throttler != nil {
 		w = r.throttler.Writer(rw)
 	}
-	rc, err := r.ociClient.GetBlob(req.Context(), dgst)
+	rc, err := r.ociClient.GetBlob(req.Context(), ref.dgst)
 	if err != nil {
 		rw.WriteError(http.StatusInternalServerError, err)
 		return